TalkTalk Data Breach Sees Customers Targeted After Engineering Visits

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined
as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.

TalkTalk’s reputation for customer security could be damaged even further following claims that criminals have obtained information about engineering visits in an attempt to commit fraud.

Customers told BBC Radio 4’s Moneybox programme they had received calls purporting to be from TalkTalk days after receiving a visit from an engineer, late last year.

In each case, the engineer had said to expect a follow-up call from either TalkTalk or Openreach, but the recipients were still suspicious. However the callers were able to provide the name of engineers, account numbers and even the reference number for the visit, creating the impression that the call was genuine.

TalkTalk data breach

The customers, who were told TalkTalk needed to conduct tests or fix a fault remotely, were then requested to download software that would give the criminals remote access to the computers. The attackers then attempted to change passwords or steal money.

In one case, the customer was able to shut down his PC in time, but another had £300 stolen from her PayPal account, although this was refunded by her bank.

One complained to TalkTalk CEO Dido Harding, but her office said they had no record of the call and dismissed a possible explanation of tampered records. However it later acknowledged the issue and reported it to the Information Commissioner’s Office (ICO).

The company is adamant that it has not received any new complaints since the turn of the year, but another person told the BBC they had received a scam call only this week.

TalkTalk is unable to comment on whether the breach is related to the arrest of three people working for Wipro, one of its outsourcing suppliers in India, as this case is ongoing.

However this is the latest in a series of breaches at TalkTalk, the most serious of which occurred in October.

The scale of the assault was less than originally feared, but 1.2 million email addresses, names and phone numbers were stolen, as were 21,000 account numbers and sort codes and 28,000 partial card details. However, TalkTalk maintains that the data stolen is not sufficient for the attackers to steal money.

Of course people leave. This is not the first time their data has been stolen. Since several months ago, I found many reports filed at sites like http://whycall.me about these Dell scams, which caused by the leak of data that TalkTalk has suffered. After we know about these all, who will still be its customer? They have failed to protect customers’ data.